Lorne residents invention a solution to town's marauding cockatoos. Residents of the scenic Great Ocean Road are at their wits' end after the increasingly intelligent birds learnt how to lift the lids of wheelie bins, spreading rubbish through the town of Lorne.

Could France do it on a hot, humid, waterlogged and lightning-threatened night in Pennsylvania? The answer was pretty straightforward. Despite an interruption of over two hours after a chain of severe thunderstorms disrupted play at Philadelphia Stadium, France brushed past the physical challenge of Iraq, and furthered Kylian Mbappé’s personal duel with Lionel Messi in the process.

The France captain got another two goals on the night, the first a rip-snorter from outside the box after a period of dominance, the second a tap in after disastrous defending from Iraq. Ousmane Dembélé got the third, his first goal at a major tournament, while Didier Deschamps, who had already made three changes to keep his side fresh, was also able to retire Dembélé and Michael Olise on the hour, preserving them for more taxing contests.

Continue reading...

Full and unconditional ceasefire is a major compromise that Ukraine might ‘recalibrate and modify’, says UN envoy. What we know on day 1,581

Ukraine may revise its ceasefire offer to Russia if the UN security council fails to pass a resolution urging a full and ⁠unconditional end to ⁠the ​hostilities, Kyiv’s envoy to the UN has warned. Ukraine had changed ​the dynamic in the war with recent strikes, said Andrii Melnyk, adding that some 40% of Russia’s oil refineries had been damaged.

Melnyk told a security council session that Ukraine stoody ready for direct negotiations with Russia but “our patience is not endless”. “If the security council would further choose a wait-and-see approach, I cannot exclude that Ukraine may recalibrate and modify its offer. Ceasefire along the de facto ‌front line is already a great compromise.”

The envoy’s statement reflects growing confidence that Ukraine’s war effort is on the front foot, with Russian cities starved of fuel supplies and a “middle strike” campaign seriously disrupting supply lines to Moscow’s occupying forces. The campaign’s success has prompted Russian-held Crimea to halt civilian gasoline sales, Pjotr Sauer writes. All summer camps in illegally annexed Crimea on Monday stopped accepting children and new bookings until 1 September for security reasons, said Sergei Aksyonov, the Russian-installed governor of the illegally occupied peninsula. Aviation authorities temporarily closed Moscow’s four airports on Monday as air defences battled a wave of Ukrainian drones.

Ukraine’s military said it ⁠hit a plant producing electronics for missiles in Russia’s border Voronezh region on Monday and the Russian region’s governor said five people ⁠were killed and ⁠dozens injured ​in the attack. The Ukrainian general staff said precision air-launched cruise missiles hit the facility, which ⁠it described as a “critical component” in Russia’s defence production, making parts for missiles including the Iskander.

Russia’s Dubna satellite communications ⁠centre ⁠in ​the Moscow region was also hit, the Ukrainian general ⁠staff said. Russia’s state-run Tass news agency reported “a massive drone attack by the Ukrainian armed forces”. A top Ukrainian drone maker, General Cherry, meanwhile said that one of its factories had been hit – a rare disclosure.

In the early hours of Tuesday the Ukrainian capital, Kyiv, was put on air raid alert as authorities told people ⁠to seek shelter. Two people sought medical ⁠help after Russian forces struck the south-eastern ​region of ‌Zaporizhzhia, said the governor, Ivan ‌Fedorov. Three more ‌people were wounded in Sumy, in the north, late on Monday, emergency services said. A drone attack on Ukraine’s second-largest city of Kharkiv left one woman wounded, ‌said the mayor, Ihor Terekhov.

Earlier a Russian drone strike on Sumy in north-eastern Ukraine killed three members of one family, including a 13-year-old boy. “Their home was destroyed,” said Volodymyr Zelenskyy, the Ukrainian president. “An ordinary home – not a military target whatsoever.” The attack also wounded two others, regional military head Oleh Hryhorov said on Monday.

A Russian nighttime drone strike also killed a woman and wounded three people, including an 11-year-old boy, in the south-eastern Ukrainian city of Zaporizhzhia, regional head Ivan Fedorov said on Monday. Russia has continuously targeted Ukrainian civilian areas with drones and missiles, and the UN reports more than 16,000 civilian deaths in the war. Recent attacks have increased civilian casualties, with May seeing the highest monthly total since April 2022: at least 274 civilians killed and 1,763 injured.

A Russian drone attack hit a ship in the Black Sea, starting a fire and killing its Egyptian cook, said the Ukrainian deputy prime minister Oleksii Kuleba. Eight other sailors, including citizens of Turkey and India, abandoned ship on a life raft while the vessel “sustained significant damage and lost seaworthiness”, Kuleba said.

Continue reading...

Written in 1947, Kiyoshi Tanimoto’s account of the horrors of the atomic bomb attack will be published in August and is being made into a film

The memoir of a man who survived the horrors of Hiroshima is to be published for the first time this summer after its discovery in a US archive.

The 230-page memoir was written almost 80 years ago by Kiyoshi Tanimoto, who witnessed the city’s destruction after the atomic bomb was dropped in 1945. He will now be portrayed in a major feature film by Takehiro Hira, whose acclaimed roles include the detective in the Netflix Japanese-British drama Giri/Haji. Pre-production begins in November, ahead of the shoot in February 2027.

Continue reading...

Last week, AMD was found to have stripped memory encryption from its consumer CPUs without any warning or notice. Now, following a wave of backlash on social media, the chipmaker has now reinstated the protection, though it still hasn't explained why the safeguard was disabled in the first place. Ars Technica reports: Following the revelation, social media was deluged by comments from AMD consumers decrying the move. They noted that AMD's quiet removal of TSME after supporting it for so long seemed underhanded. The move came solely as a result of firmware changes made in a recent update. With no physical changes required to silicon, continued support was largely, if not purely, a matter of will rather than a necessity required by changes to hardware. The critics called on AMD to reverse the move.

Over the weekend, AMD said it planned to do just that in a firmware update scheduled for release next month. More often than not, the chipmaker refers to TSME as Memory Guard. "Regarding certain non-PRO Ryzen 9000-series desktop processors, a BIOS option to enable Memory Guard was previously available but was removed in a recent update," AMD said in an email. "Based on valuable community feedback, we will reinstate this option in an upcoming BIOS release in July."

The company has yet to explain why it removed the protection. Critics speculate that AMD dropped it in an attempt to steer customers toward more costly CPUs. It's possible, though, that there were less nefarious reasons, such as the difficulty of continued support as chip designs changed. Another possibility is that AMD made the move for performance reasons. Encrypting and decrypting data in memory creates latency. Slowdowns are the enemy of gamers, one of the more popular customer segments using the 9000-line of Ryzen processors. Since many gamers already voluntarily disabled TSME and had little need for it in the first place, AMD may not have considered the change of much consequence.

Read more of this story at Slashdot.

Thomas Hawk posted a photo:

Thomas Hawk posted a photo:

WASHINGTON (ANP) - De politie heeft in de Verenigde Staten nog eens twee mannen aangehouden die worden verdacht van het beramen van een aanval tijdens het kooigevecht bij het Witte Huis op de verjaardag van president Donald Trump. Eerder werden al vijf mannen gearresteerd.

De twee verdachten werden eind vorige week opgepakt in de staten Washington en Missouri. Ze worden verdacht van moord, aldus aanklagers.

De groep van in totaal zeven mannen zou op de 80e verjaardag van Trump een aanval willen uitvoeren met drones geladen met explosieven en sluipschutters. Ter ere van de verjaardag van de president en het 250-jarige bestaan van de VS vond toen in de tuin van het Witte Huis een UFC-kooigevecht plaats.

In de afgelopen tijd werden meer aanslagen op Trump verijdeld. In april slaagde een gewapende man er nog in binnen te dringen tijdens een galadiner in Washington waar de president aanwezig was.

The JavaScript development ecosystem may be a security nightmare, but it's also ripe for improvement. One such tool is the CVE Lite CLI, a free open source dependency scanner that helps reduce the risk of software supply chain attacks. It runs locally and provides actionable vulnerability fixes, if any are available. The tool, endorsed by OWASP, has recently been updated to include override auditing, which has the potential to avert transitive dependency vulnerabilities such as the March 2022 node-ipc package incident. The Shai-hulud software supply chain attacks that have been vexing security professionals for the past few months underscore how common it has become for threat actors to target the developer ecosystem, including CI/CD, package registries, and developer tooling. Software developers can reduce their risk by making sure the dependencies in their apps are up to date and free of known vulnerabilities, but that's more difficult than it should be. It's generally apparent when a particular library or module relies on a vulnerable dependency. But there isn't necessarily an available fix or clear remediation path. Modern JavaScript applications, like many other programming languages, allow developers to incorporate pre-existing solutions to particular problems in the form of packages – modular code that can be imported to implement particular functionality. These packages commonly depend on other packages, which is why they're known as dependencies. And these dependencies in turn may also depend on still more packages, referred to as transitive or indirect dependencies. A common security scenario goes something like this: A developer creates an app using some application framework. The app includes a dependency on "Package A", which itself relies on "Package B" – the transitive or indirect dependency in this situation. If the maintainers of "Package B" have deployed a patch addressing a reported CVE, but the maintainers of "Package A" haven't gotten around to incorporating that change into their code, apps incorporating "Package A" may be vulnerable to attack. Among other possible responses, affected developers may choose to create an override to replace the outdated, vulnerable version of "Package B," a configuration entry that can be removed once "Package A" gets repaired. But Sonu Kapoor, creator of CVE Lite CLI, explained to The Register that overrides represent a legitimate security tool but have limitations. "When a transitive dependency has a CVE and the upstream maintainer hasn't shipped a fix yet, you pin it via npm overrides, pnpm overrides, or Yarn resolutions," Kapoor explained in an email. "Once the vulnerability is addressed and CI passes, you move on. The problem is what happens after that." Kapoor recently added an override auditing tool to the CLI. When he scanned four popular JavaScript open source projects, he found that three of the four had broken overrides. "Cal.com has 90 override entries and 11 that are silently doing nothing," he said. "Jest has an override for its own package name pointing at nothing in the resolved tree. NoCoDB has entries using wildcard patterns that never matched any path in the graph. Next.js was the only clean one with zero findings, which tells me the tool is finding a real pattern, not noise." This can be dangerous, he said, when a project migrates between package managers (e.g. npm to pnpm) that looks for overrides in a different location. "npm reads from overrides, pnpm from pnpm.overrides, Yarn from resolutions," he explained. "When a team migrates package managers and forgets to move their security pins, the package manager silently ignores them. No error, no warning, the vulnerable package ships unconstrained." Kapoor said that AI coding assistants commonly advise developers to add override entries when asked to fix a transitive dependency vulnerability. "That advice is correct at the moment," he said. "None of them ever tell the developer to come back and verify the entry still works." CVE Lite CLI, Kapoor said, does not recommend overrides as the way to properly address a vulnerable dependency. "Overrides look like a security fix in package.json, but routinely outlive their purpose – they can point at packages no longer in the dependency tree, apply to the wrong package manager entirely, or shift to an unintended version on every install," he said. "The override hygiene feature exists precisely because of this failure mode: teams add an override to address a CVE, move on, and years later, the override does nothing while they still believe they're protected." ®

uchi uchi has added a photo to the pool:

OLYMPUS DIGITAL CAMERA

uchi uchi has added a photo to the pool:

OLYMPUS DIGITAL CAMERA